clower_element

  1. Hi Kevin, I uninstalled MSE, restarted my laptop and installed fresh MSE from the link you provided. MSE seemed to install fine. It also performed its first self update and self scan automatically. I watched the scan run and this time for the duration of the whole scan the warning message DIDN'T resurface. Scan completed with no infections found. I'm going to monitor MSE scans for a couple more days and come back (probably on Monday) to report if the dreaded warning message comes back again. I am secretly hoping it was just some kind of corruption with the old MSE at this point and nothing sinister lurking on my laptop. Thank you
  2. I will uninstall MSE from Control Panel and reinstall it tomorrow. I will report how it went tomorrow. I have to go to bed now. Thank you for your help so far, Kevin. Very much appreciated.
  3. Here are results of the GMER scan. I think it found something. Are these real threats or false positives? If they are false positives how do I release them back into my system. I still have got the Gmer Interface open.

     GMER 2.2.19882 - http://www.gmer.net
     Rootkit scan 2017-03-23 22:15:47
     Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465.76GB
     Running: mxm852ir.exe; Driver: C:\Users\MCNEELY\AppData\Local\Temp\uwtirkog.sys

     ---- Registry - GMER 2.2 ----

     Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb
     Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38e4dd08
     Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38e4dd08 (not active ControlSet)

     ---- EOF - GMER 2.2 ----

     Thank you
  4. That image I posted that identifies this entry C:\MSOCache\All I actually took just as an example to document the existence of the warning message when my MSE was scanning. It is not an actual spot where MSE would stall and that warning message appeared. It is even hard to tell whether the message comes up at exactly the same spot each time because I have got a funny suspicion I have seen the message appearing in different spots in the past few days. I don't know if this helps a bit but I have just run MSE quick scan twice in a row to catch MSE in action in real time and used the print screen button on my laptop to document the first appearance of the warning message. Strangely this time on both occasions the item in question seems to be "schvost". Also I have to add I don't have a USB flash drive. Thank you
  5. I stopped and changed those 2 Vaio entries to disabled. Then I ran MSE scan. The same problem with MSE persists. After the MSE scan I changed back those 2 Vaio entries I previously disabled back to "started". Thank you
  6. Hi Kevin Strangely there are no VAIO Care entries listed under the Services. Thank you
  7. Hi Kevin, thank you for your reply again. I followed step by step instructions from this link https://support.microsoft.com/en-gb/kb/929135 you kindly provided and set windows up for clean boot mode. Whilst in the clean boot mode I launched MSE and ran a quick scan. MSE behaved exactly the same as it currently behaves in my normal mode. Again it showed exactly the same warning message in its interface whilst it was running a scan and when it finished its scan there were no detections listed under MSE history tab. One thing I would like to mention. MSE was about half way into scanning and suddenly UAC popped up asking me whether I wanted (I think it was Vaio Care, can't be sure 100%) to make changes to my computer. I had no idea how to deal with this in the clean boot mode (whether to allow it or not). I just closed this pop up window and soon after MSE finished scanning I left this mode and reset my laptop to start normally. Everything loaded back to normal as far as I could see except the MSE icon was missing from the system tray next to the clock. I had to kill the msseces.exe process in the task manager to bring the icon back. I am not really sure what to do next with my findings. I am having one of those moments not fully understanding a perfectly good set of instructions. Thank you
  8. Hi Kevin, thank you for your instructions. I followed them. Here is the Fixlog:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
     Ran by MCNEELY (21-03-2017 15:25:05) Run:1
     Running from C:\Users\MCNEELY\Desktop
     Loaded Profiles: MCNEELY (Available Profiles: MCNEELY)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     CHR Extension: (Chrome Media Router) - C:\Users\MCNEELY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-11]
     S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]
     S3 semav6thermal64ro; \??\C:\Windows\system32\drivers\semav6thermal64ro.sys [X]
     FirewallRules: [{640BEBBD-8664-4167-A781-6A6FB2D7039D}] => (Allow) svchost.exe
     FirewallRules: [{CEFFC1E8-7BAE-41E3-9129-C6AE00C67EC9}] => (Allow) LPort=2869
     FirewallRules: [{0AF7EAF7-2CE0-403D-8652-0A5AD8E925C6}] => (Allow) LPort=1900
     CMD: ipconfig /flushdns
     Hosts:
     EmptyTemp:
     end
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     C:\Users\MCNEELY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
     HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
     catchme => service removed successfully
     HKLM\System\CurrentControlSet\Services\semav6msr64 => key removed successfully
     semav6msr64 => service removed successfully
     HKLM\System\CurrentControlSet\Services\semav6thermal64ro => key removed successfully
     semav6thermal64ro => service removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{640BEBBD-8664-4167-A781-6A6FB2D7039D} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CEFFC1E8-7BAE-41E3-9129-C6AE00C67EC9} => value removed successfully
     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AF7EAF7-2CE0-403D-8652-0A5AD8E925C6} => value removed successfully

     ========= ipconfig /flushdns =========

     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.

     ========= End of CMD: =========

     C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 8388608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28070926 B
     Java, Flash, Steam htmlcache => 506 B
     Windows/system/drivers => 177135792 B
     Edge => 0 B
     Chrome => 27053838 B
     Firefox => 0 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 0 B
     Public => 0 B
     ProgramData => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 0 B
     NetworkService => 6832276 B
     MCNEELY => 103222933 B

     RecycleBin => 291038848 B
     EmptyTemp: => 612 MB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 15:25:50 ====

     After I was done with the Fixlist.txt I went to test MSE which is the main concern of mine and the cause why I started this thread in the first place. Sadly, it looks like nothing has changed and the same problem with MSE persists. First Quick Manual Scan finished without the dreaded message but an hour or so later I performed Full Manual Scan and the warning message “Preliminary results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed” appeared AGAIN. Then I ran another Quick Manual scan and it presented the same dreaded message too. Of course nothing is ever detected. Pics of MSE in scanning mode and a couple of event viewer logs, one when it completes the scan and one more log straight after it. I really have no clue what is causing this. Is there anything else we could try? Thanks
  9. Here are the rest of the requested logs.

     # AdwCleaner v6.044 - Logfile created 21/03/2017 at 10:49:18
     # Updated on 28/02/2017 by Malwarebytes
     # Database : 2017-03-20.1 [Server]
     # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
     # Username : MCNEELY - MCNEELY-VAIO
     # Running from : C:\Users\MCNEELY\Desktop\AdwCleaner.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     ***** [ Folders ] *****
     [-] Folder deleted: C:\Users\MCNEELY\AppData\LocalLow\HPAppData
     [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Auslogics

     ***** [ Files ] *****

     ***** [ DLL ] *****

     ***** [ WMI ] *****

     ***** [ Shortcuts ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Registry ] *****
     [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

     ***** [ Web browsers ] *****
     [-] [C:\Users\MCNEELY\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [1164 Bytes] - [21/03/2017 10:49:18]
     C:\AdwCleaner\AdwCleaner[S0].txt - [1415 Bytes] - [21/03/2017 10:10:15]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1310 Bytes] ##########

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.44, January 2017 (build 5.44.13400.0)
     Started On Wed Jan 11 11:28:48 2017
     Engine: 1.1.13303.0
     Signatures: 1.233.3409.0
     Run Mode: Scan Run From Windows Update
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 11 11:31:44 2017
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.45, February 2017 (build 5.45.13501.0)
     Started On Fri Feb 24 14:59:53 2017
     Engine: 1.1.13407.0
     Signatures: 1.235.1858.0
     Run Mode: Scan Run From Windows Update
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 24 15:02:36 2017
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.46, March 2017 (build 5.46.13601.0)
     Started On Wed Mar 15 13:33:05 2017
     Engine: 1.1.13504.0
     Signatures: 1.237.571.0
     Run Mode: Scan Run From Windows Update
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted MAPS Report
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 15 13:35:44 2017
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.46, March 2017 (build 5.46.13601.0)
     Started On Tue Mar 21 11:12:38 2017
     Engine: 1.1.13504.0
     Signatures: 1.237.571.0
     Run Mode: Interactive Graphical Mode
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 21 11:17:02 2017
     Return code: 0 (0x0)

     FRST.txt Addition.txt
  10. Hi kevinf80, thank you very much for your kind reply and your instructions. Very much appreciated. So far I have.... Used MBAM clean tool twice, installed Malwarebytes version 3 and run a scan. Here are the scan results:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/21/17
     Scan Time: 1:56 AM
     Logfile: new mbam threat scan.txt
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.75
     Update Package Version: 1.0.1550
     License: Premium

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: MCNEELY-VAIO\MCNEELY

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 395926
     Time Elapsed: 15 min, 27 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)

     (end)

     I've also downloaded AdwCleaner and run it. I am just posting the log file with all the detections it found at the moment. Please would you be so kind and advise me which items to keep because I have no idea what it found. For example I don't want to cripple my HP printer if this detection "Folder Found: C:\Users\MCNEELY\AppData\LocalLow\HPAppData" relates to my printer and the same goes for the other detections as well.

     # AdwCleaner v6.044 - Logfile created 21/03/2017 at 10:10:15
     # Updated on 28/02/2017 by Malwarebytes
     # Database : 2017-03-20.1 [Server]
     # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
     # Username : MCNEELY - MCNEELY-VAIO
     # Running from : C:\Users\MCNEELY\Desktop\AdwCleaner.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     Folder Found: C:\Users\MCNEELY\AppData\LocalLow\HPAppData
     Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Auslogics

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious keys found.

     ***** [ Shortcuts ] *****
     No infected shortcut found.

     ***** [ Scheduled Tasks ] *****
     No malicious task found.

     ***** [ Registry ] *****
     Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

     ***** [ Web browsers ] *****
     No malicious Firefox based browser items found.
     Chrome pref Found: [C:\Users\MCNEELY\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com

     *************************

     C:\AdwCleaner\AdwCleaner[S0].txt - [1263 Bytes] - [21/03/2017 10:10:15]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1336 Bytes] ##########

     I will carry on with AdwCleaner cleaning and the rest of the steps after your advice. Thank you
  11. Hi, I am worried about my laptop and would like your help please. MSE is giving me inconclusive feedback. There might be some infection lurking somewhere affecting MSE and MSE is not capable of dealing with it fully. I don't know how long this has been going on because I only discovered I was having an issue when I ran Full Manual MSE scan and watched the scan running 4 days ago. A couple of minutes into Quick/Automatic/Full scans by MSE a warning message suddenly appears in MSE interface saying “Preliminary results show that malicious or potentially unwanted software might exist on your system. You can review detected items when the scan has completed”. But when the scans complete there are no signs of any detections listed anywhere to be seen. There are no detections listed under the MSE “History tab” under all detected items/quarantine either. There is a log in the “Event Viewer” straight after the MSE scan finishes which says “Microsoft Antimalware Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware”. Finding what is wrong with my system would be very much appreciated. Thank you FRST_20-03-2017 15.04.02.txt Addition_20-03-2017 15.04.02.txt
  12. Strangely I haven't experienced any problems for several days now either. The only trouble days after MBAE reinstall looking at the logs when MBAE was completely dead again were 28th and 29th December 2016 and since then it has been fine for some reason. Nothing on my laptop updated except MSE and MBAM definitions.
  13. Here are the requested log files. FRST.txt Addition.txt
  14. Here are the logs. Please let me know if I did it incorrectly. I have never done this before. Thanks mbae-service.zip
  15. BAD NEWS! The clean reinstall only seemed to work yesterday. Turned off my laptop before I went to bed and turned it back on this morning and the same problems persist:

     1. MBAE not displaying the icon in system tray
     2. The MBAE pop up again telling me "The Malwarebytes Anti-Exploit service is taking too long to start. Please reboot your computer to restart protection." I did another reboot but it didn't solve the problem again. Task manager only listed MBAE process when I first turned my laptop on, after a reboot the MBAE process is not even listed there.
     3. Can't launch GUI when I click on Windows Start button and click on MBAE there it just does nothing when I click it.
     4. When I open my browsers the protection balloon is nowhere to be seen

     Again MBAE is stone cold. Need help, please. Thanks